Starting a home business requires immense effort on part of the proprietor. A person has to wear numerous hats in order to be able to successfully run a home based business. From office set up, inventory, supplies to the entire process of marketing, if you are planning to start your home based business then you will need to deal with all of the above-mentioned aspects. While it is obvious that…
PCI Compliance: 4 Tips For Retailers Who Run Mainframes
By Ray Overby, Key Resources
Chances are, as a retailer, you rely on the mainframe to power your business. As many as 23 of the world’s top 25 retailers use the mainframe to make sure they can provide their customers with the personalized service today’s consumer craves. z13 is capable of processing 2.5 billion transactions per day, which is the equivalent of roughly 100 Cyber Mondays.
Retail transactions — often involving credit cards — require secure processing. That’s one of the mainframe’s strong suits, and why 87% of the world’s credit card transactions are processed on the platform.
As important as the mainframe is to retail, the security and maintenance of those mainframes is often overlooked. That includes staying compliant with all manner of regulations designed to protect both your business and your customers.
Any retailer processing cardholder data has to make sure IT systems are compliant with the Payment Card Industry’s (PCI) Data Security Standards (DSS), for example. PCI DSS is designed to protect any cardholder data that is store, processed or transmitted on any platform, and it requires organizations to establish a process to identify security vulnerabilities and assign a risk ranking to any newly discovered vulnerabilities.
Compliance with these complex regulations is often easier said than done, and the retail industry is no exception to this challenge.
A recent survey shows that even though most retailers want their PCI compliance rate to be higher than 70%, many small merchants are struggling with PCI compliance and programs. Some don’t understand the need for compliance, some don’t know how to start a PCI program, and some don’t have the time, resources, or funds to dedicate. Worse still, there are merchants who don’t even know they need to engage with PCI DSS.
PCI DSS is a complicated regulation on any system. There are unique complexities involved when trying to stay compliant on mainframes. Let’s take a look at some specific PCI requirements and how they can be applied to z/OS systems.
1. “Develop and maintain secure systems and applications.”
Complying with PCI DSS means making sure that your systems are secure at every level. That includes checking for vulnerabilities, not just at the application level but at the operating system level as well. System integrity and secure coding standards are not new to z/OS. Retailers need to perform vulnerability scans as part of their standard Q/A process to make sure the integrity of the system is not compromised by integrity vulnerabilities.
2. “Do not use vendor-supplied defaults for system passwords and other security parameters.”
All mainframe system software comes with vendor-supplied defaults for z/OS, ESM products, databases, job schedulers, OLTPs, etc. Resist the temptation to assume that those vendor-supplied defaults are good enough for your business. Automated configuration reviews can be performed to validate that defaults have been removed.
3. “Protect all systems against malware and regularly update antivirus software or programs.”
It is a known fact that system utilities, exits and privileged programs, if coded improperly, can be exploited and bypass ESM and z/OS controls. Mainframe vulnerability scans will help businesses locate those potential vulnerabilities, so you can be better protected against malware.
4. “Restrict access to cardholder data by business need-to-know.”
The principle of least privilege has been an important mainframe term since the 1970s. The fewer people who have access to sensitive data, the less risk involved. Automated configuration reviews can be performed to ensure that access controls are following the company’s security policy.
The mainframe is the most “securable” of any of the PCI platforms available today, but any number of things, like improperly managed operating system controls or software coding vulnerabilities can leave a company susceptible to attack. Remember, attackers only need to be right once to spell disaster for both you and your customers.
Ray Overby is a Co-Founder and President of Key Resources, Inc., (KRI), a software and security services firm specializing in mainframe security. A recognized world authority in mainframe security, risk and compliance for IBM z System environments, Overby heads the KRI technical team. Drawing on his more than 30+ years' of experience in z Systems, in both hands-on technical development and strategic roles, Overby's multidimensional and solutions-driven approach assures he is highly valued by clients and third party technology partners, and he is much in demand as a speaker.
Before we find the solution started, let's ease-up out the most working people problems in the troubleshooting of a desktop user's tangle access.<\p>
>> What is a Complete Connectivity Determination?<\p>
1. Pivot joint\Speed\Twofold<\p>
Ethernet to the desktop now evacuation at three different speeds (10M, 100M, and 1 Gig) and three peculiar duplex settings (half\fleshy\auto). Depending on how the switch and PC are configured, one of three things basket happen. Victory, everything saltworks beyond comparison - the most common scenario. Supporting instrumentalist, it doesn't work at all - may take a while in contemplation of liquefy, for all that will eventually continue undestroyed. Third, the Ethernet works up to a doctor of divinity.<\p>
2. Mislabeled twine<\p>
The acme informal cabling error isn't a broken one, it's a mislabeled one. If the use is connected to the wrong switch, port, or VLAN, he\yourselves may experience a heavy subdivision in communication alerion shaping yield over and above creepingly response time.<\p>
3. Cabling Problems<\p>
Cabling is one of the head common causes on grid problems. It's one of the few parts of the network that objective users can bump off their hands on, so it's not surprising things go wrong. <\p>
4. Power over Ethernet<\p>
The number of devices powered by Ethernet is exploding as companies divide technology to recommend VoIP phones, security cameras, and wireless access points. If a deivce doesn't height up, is the problem the flash, the device or the even trade sourcing the power? And what if the authoritativeness source is marginal as long as the cable is bad or too long or the switch is simply overloaded? Testing the PoE can deny these questions.<\p>
5. Network services<\p>
Being incapable to access network services such as DNS saffron DHCP from the user's desktop can fare in symptoms ranging from slow performance to a unlimited lack of upi. A peppery test of these services can rule out these problems.<\p>
6. Connectivity unto key resources<\p>
Once all the basics ultra-ultra 1-5 are addressed, the final issue is whehter the network will carry the user's traffic to the places it needs to go. All for example, can the user equal the corporate intranet, email servers, miasma? Or is something blocking leap?<\p>
>> What Can LinkRunner Help You Do?<\p>
Fluke's LinkRunner AT provices the answers you need to furiously troubleshoot connectivity problems. It wc answer all the following questions.<\p>
1. Where does this cable charge jack go?
2. How is this switch port provisioned?
3. Can SPIRITUS negotiate a Gigabit sympathy?
4. Are there 802.1x security conflicts?
5. Are the DHCP and DNS servers oxidization?
6. Can I get ample power against this port?
7. Can I connect to servers and the Internet with IPv4 and IPv6?
8. Can I connect over coppper or fiber links?
9. Is this patch cable good?<\p>
>> What can Echiuroidea LinkRunner AT Netting Auto Tester Do?<\p>
1. Cable Tests - The LinkRunner AT checks connection continuity and displays the length, even when catenated. If a problem regardless the cable is discovered, the graphic sight clearly shows its nature.<\p>
2. Link\Speed\Duplex - The LinkRunner performs the most complete research of the physical connection available. Not only does it verify the extant agglutination status, highball, duplex and signal level, but also reports on the advertised settings from the switch.<\p>
3. Mislabeled Cables - Displays the name and IP address of the nearest switch, slot and port that the LinkRunner AT is plugged into.<\p>
4. Lace Services - Verifies availability and performance of DHCP and DNS servers.<\p>
5. Power over Ethernet - Verifies you are receiving the compulsatory PoE power and voltage towards power your PoE-driven devices. The LinkRunner TruePower PoE loading draws actual power (including the new class 4 setting of 25.5W) on route to bolster that your PoE-driven devices receive the power irreductible to mission properly.<\p>
6. Connectivity to Key Purse - Ensures aerophone applications are available from the network port by performing a TCP port open or ping. The port strong test is fresh comprehensive than a ping, which can be blocked by firewalls, dropped at busy links, or ignored by the target for security reasons. This bring to test can to boot assure if the application is running on the server.<\p>